Phishing, Part II

With all the security issues in cyberspace, I’m sure everyone has either heard of “phishing” or been targeted by it. If you have not, I’ll explain what it is and how to avoid being a target. Let’s start with the definition: phishing is the act of defrauding someone online by posing as a legitimate company or person. Simply put, phishing occurs when hackers pretend to be someone or something they are not — to steal from you.

The most common form of phishing occurs when hackers “spoof” an email address. This means an email is made to look like it’s coming from FedEx, or maybe even your boss. These emails often include links to illicit websites, fake invoice attachments, or delivery notifications, all intended either to spread ransomware or to convince you to expose account details, passwords, financial information, or confirmation of a wire transfer.

“Spearphishing” is a new form of hacking and is very dangerous. Hackers employ advanced tactics and social networking to determine details of your role in your company so they can present specific information that most employees would not bother to double-check.

Here are some statistics Symantec put together:

-Spam emails increased by 53% in 2016.
-In 2016, one in every 131 emails contained malware.
-Fake invoice messages were the #1 type of phishing lure.
-One in every 3000 phishing emails is directed at small to medium-sized businesses (company size ranging from 1-250 employees).
-The word “request” was the most popular keyword in the subject line of phishing emails.
-79% of organizations reported being a victim of a phishing attack in 2016.
-The construction industry saw one of the highest spam rates at 59%.
-90% of companies admitted that one or more employees have fallen for a phishing attack.

To avoid being a victim of these attacks, follow these simple rules:

-Don’t share personal or financial information via email.
-Type in websites you want to visit — don’t just click the link.
-Never open attachments you are not expecting.
-Watch out for misspellings and “urgent” requests.
-Don’t execute wire transfers.

To conclude, I will leave you with this: if you are worried about something suspicious, take the extra time to confirm its origin. This extra step of due diligence can save your business many headaches. And if you have any doubts, don’t click a thing. Delete the email, or contact your IT provider to investigate more closely.